Installing and configuring Sonatype Nexus using the infrastructure as code approach

Sonatype Nexus is an integrated platform that developers can use to proxy, store and manage Java (Maven) dependencies, Docker, Python, Ruby, NPM and Bower images, RPM packages, gitlfs, Apt, Go and Nuget, and to distribute their software.

Why do you need Sonatype Nexus?

  • To store private artifacts;
  • To cache artifacts downloaded from the internet;

Artifacts supported in the base Sonatype Nexus package:

  • Java, Maven (jar)
  • Docker
  • Python (pip)
  • Ruby (gem)
  • NPM
  • Bower
  • Yum (rpm)
  • gitlfs
  • raw
  • Apt (deb)
  • Go
  • Nuget

Community-supported artifacts:

  • Composer
  • Conan
  • CPAN
  • ELPA
  • Helm
  • P2
  • R

Installing Sonatype Nexus using https://github.com/ansible-ThoTeam/nexus3-oss

Requirements

  • Read about using ansible on the internet.
  • Install ansible with pip install ansible on the workstation where the playbook is run.
  • Install geerlingguy.java on the workstation where the playbook is run.
  • Install geerlingguy.apache on the workstation where the playbook is run.
  • This role has been tested on CentOS 7, Ubuntu Xenial (16.04) and Bionic (18.04), Debian Jessie and Stretch.
  • The jmespath library must be installed on the workstation where the playbook is run. To install: sudo pip install -r requirements.txt
  • Save the playbook file (example below) to the file nexus.yml
  • Run the nexus installation: ansible-playbook -i host nexus.yml

Example playbook for installing nexus without LDAP, with Maven (java), Docker, Python, Ruby, NPM, Bower, RPM and gitlfs repositories.

---
- name: Nexus
  hosts: nexus
  become: yes

  vars:
    nexus_timezone: 'Asia/Omsk'
    nexus_admin_password: "admin123"
    nexus_public_hostname: 'apatsev-nexus-playbook'
    httpd_setup_enable: false
    nexus_privileges:
      - name: all-repos-read
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions:
          - read
          - browse
      - name: company-project-deploy
        description: 'Deployments to company-project'
        repository: company-project
        actions:
          - add
          - edit
    nexus_roles:
      - id: Developpers # maps to the LDAP group
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
          - company-project-deploy
        roles: []
    nexus_local_users:
      - username: jenkins # used as key to update
        first_name: Jenkins
        last_name: CI
        email: [email protected]
        password: "s3cr3t"
        roles:
          - Developpers # role ID here
    nexus_blobstores:
      - name: company-artifacts
        path: /var/nexus/blobs/company-artifacts
    nexus_scheduled_tasks:
      - name: compact-blobstore
        cron: '0 0 22 * * ?'
        typeId: blobstore.compact
        taskProperties:
          blobstoreName: 'company-artifacts'

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
      - name: vaadin-addons
        remote_url: 'https://maven.vaadin.com/vaadin-addons/'
      - name: jaspersoft
        remote_url: 'https://jaspersoft.artifactoryonline.com/jaspersoft/jaspersoft-repo/'
        version_policy: mixed
    nexus_repos_maven_hosted:
      - name: company-project
        version_policy: mixed
        write_policy: allow
        blob_store: company-artifacts
    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss
          - vaadin-addons
          - jaspersoft

    # Yum. Change nexus_config_yum to true to create a yum repository
    nexus_config_yum: true
    nexus_repos_yum_hosted:
      - name: private_yum_centos_7
        repodata_depth: 1
    nexus_repos_yum_proxy:
      - name: epel_centos_7_x86_64
        remote_url: http://download.fedoraproject.org/pub/epel/7/x86_64
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
      - name: centos-7-os-x86_64
        remote_url: http://mirror.centos.org/centos/7/os/x86_64/
        maximum_component_age: -1
        maximum_metadata_age: -1
        negative_cache_ttl: 60
    nexus_repos_yum_group:
      - name: yum_all
        member_repos:
          - private_yum_centos_7
          - epel_centos_7_x86_64

    # NPM. Change nexus_config_npm to true to create an npm repository
    nexus_config_npm: true
    nexus_repos_npm_hosted: []
    nexus_repos_npm_group:
      - name: npm-public
        member_repos:
          - npm-registry
    nexus_repos_npm_proxy:
      - name: npm-registry
        remote_url: https://registry.npmjs.org/
        negative_cache_enabled: false

    # Docker. Change nexus_config_docker to true to create a docker repository
    nexus_config_docker: true
    nexus_repos_docker_hosted:
      - name: docker-hosted
        http_port: "{{ nexus_docker_hosted_port }}"
        v1_enabled: True
    nexus_repos_docker_proxy:
      - name: docker-proxy
        http_port: "{{ nexus_docker_proxy_port }}"
        v1_enabled: True
        index_type: "HUB"
        remote_url: "https://registry-1.docker.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_docker_group:
      - name: docker-group
        http_port: "{{ nexus_docker_group_port }}"
        v1_enabled: True
        member_repos:
          - docker-hosted
          - docker-proxy

    # Bower. Change nexus_config_bower to true to create a bower repository
    nexus_config_bower: true
    nexus_repos_bower_hosted:
      - name: bower-hosted
    nexus_repos_bower_proxy:
      - name: bower-proxy
        index_type: "proxy"
        remote_url: "https://registry.bower.io"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_bower_group:
      - name: bower-group
        member_repos:
          - bower-hosted
          - bower-proxy

    # Pypi. Change nexus_config_pypi to true to create a pypi repository
    nexus_config_pypi: true
    nexus_repos_pypi_hosted:
      - name: pypi-hosted
    nexus_repos_pypi_proxy:
      - name: pypi-proxy
        index_type: "proxy"
        remote_url: "https://pypi.org/"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_pypi_group:
      - name: pypi-group
        member_repos:
          - pypi-hosted
          - pypi-proxy

    # rubygems. Change nexus_config_rubygems to true to create a rubygems repository
    nexus_config_rubygems: true
    nexus_repos_rubygems_hosted:
      - name: rubygems-hosted
    nexus_repos_rubygems_proxy:
      - name: rubygems-proxy
        index_type: "proxy"
        remote_url: "https://rubygems.org"
        use_nexus_certificates_to_access_index: false
        maximum_component_age: 1440
        maximum_metadata_age: 1440
        negative_cache_enabled: true
        negative_cache_ttl: 1440
    nexus_repos_rubygems_group:
      - name: rubygems-group
        member_repos:
          - rubygems-hosted
          - rubygems-proxy

    # gitlfs. Change nexus_config_gitlfs to true to create a gitlfs repository
    nexus_config_gitlfs: true
    nexus_repos_gitlfs_hosted:
      - name: gitlfs-hosted

  roles:
    - { role: geerlingguy.java }
    # Debian/Ubuntu only
    # - { role: geerlingguy.apache, apache_create_vhosts: no, apache_mods_enabled: ["proxy_http.load", "headers.load"], apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    # RedHat/CentOS only
    - { role: geerlingguy.apache, apache_create_vhosts: no, apache_remove_default_vhost: true, tags: ["geerlingguy.apache"] }
    - { role: ansible-thoteam.nexus3-oss, tags: ['ansible-thoteam.nexus3-oss'] }

Role variables

Variables with their default values (see default/main.yml):

General variables

    nexus_version: ''
    nexus_timezone: 'UTC'

By default, the role installs the latest available version of Nexus. You can pin the version by changing the nexus_version variable. See the available versions at https://www.sonatype.com/download-oss-sonatype.

If you change to a newer version, the role will try to update your Nexus installation.

If you are using a version of Nexus older than the latest, make sure you are not using features that are unavailable in the installed release (for example, yum repository hosting is available for nexus greater than 3.8.0, git lfs repos for nexus greater than 3.3.0, etc.)

nexus_timezone is the name of a Java time zone, which can be useful in combination with the cron expressions below for nexus_scheduled_tasks.

Nexus port and context path

    nexus_default_port: 8081
    nexus_default_context_path: '/'

Port and context path of the Java connection process. nexus_default_context_path must include the forward slash when it is set, for example: nexus_default_context_path: '/nexus/'.

Nexus OS user and group

    nexus_os_group: 'nexus'
    nexus_os_user: 'nexus'

The user and group that own the Nexus files and run the service. They will be created by the role if missing.

    nexus_os_user_home_dir: '/home/nexus'

Allows changing the home directory of the nexus user.

Nexus directories

    nexus_installation_dir: '/opt'
    nexus_data_dir: '/var/nexus'
    nexus_tmp_dir: "{{ (ansible_os_family == 'RedHat') | ternary('/var/nexus-tmp', '/tmp/nexus') }}"

Nexus directories.

  • nexus_installation_dir contains the installed executable files
  • nexus_data_dir contains all configuration, repositories and downloaded artifacts. Custom blobstore paths outside nexus_data_dir can be configured, see nexus_blobstores below.
  • nexus_tmp_dir contains all temporary files. The default path for redhat has been moved out of /tmp to overcome potential problems with automatic cleanup procedures. See #168.

Configuring Nexus JVM memory usage

    nexus_min_heap_size: "1200M"
    nexus_max_heap_size: "{{ nexus_min_heap_size }}"
    nexus_max_direct_memory: "2G"

These are the default settings for Nexus. Please do not change these values if you have not read the memory section of the Nexus system requirements and do not understand what they do.

As a second warning, here is an excerpt from the document mentioned above:

It is not recommended to increase the JVM memory beyond the recommended values in an attempt to improve performance. This can have the opposite effect, causing unnecessary work for the operating system.

Administrator password

    nexus_admin_password: 'changeme'

The password of the "admin" account to set up. This only works on the first default installation. Please see [Change admin password after first install](#change-admin-password-after-first-install) if you want to change it later using the role.

It is strongly recommended not to store your password in clear text in the playbook, but to use [ansible-vault encryption](https://docs.ansible.com/ansible/latest/user_guide/vault.html) instead (either inline or in a separate file loaded with, for example, include_vars)
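
An added example (not part of the original article or of the role's code): a small line-based scanner for the variables used on this page that flags passwords written as literals instead of vault references, the default passwords shown on this page, and proxy upstreams or LDAP connections configured without TLS. Both samples are constructed in the style of the example playbook; vault_jenkins_password and the mirror.example.org host are hypothetical, and the scanner is a plain text check, not a YAML parser.

```python
import re

# "key: value" with an optional leading list dash, as in the vars on this page.
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]\w*)\s*:\s*(.*)$")
SECRET_KEY = re.compile(r"(password|secretAccessKey)$", re.IGNORECASE)
JINJA_ONLY = re.compile(r"\{\{.*\}\}")
KNOWN_DEFAULTS = {"admin123", "changeme"}  # both values appear on this page

# Constructed sample in the style of the example playbook.
WEAK_VARS = """\
nexus_admin_password: "admin123"
nexus_local_users:
  - username: jenkins
    password: "s3cr3t"
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_protocol: 'ldaps'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}"
nexus_repos_yum_proxy:
  - name: centos-7-os-x86_64
    remote_url: http://mirror.centos.org/centos/7/os/x86_64/
nexus_repos_npm_proxy:
  - name: npm-registry
    remote_url: https://registry.npmjs.org/
"""

# Constructed sample: the same settings with vaulted secrets and https upstreams.
HARDENED_VARS = """\
nexus_admin_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  (ciphertext placeholder)
nexus_local_users:
  - username: jenkins
    password: "{{ vault_jenkins_password }}"
ldap_connections:
  - ldap_name: 'LDAP config with DSA'
    ldap_protocol: 'ldaps'
    ldap_auth_password: "{{ vault_ldap_dsa_password }}"
nexus_repos_yum_proxy:
  - name: centos-7-os-x86_64
    remote_url: https://mirror.example.org/centos/7/os/x86_64/
"""


def scalar(raw):
    """Return the scalar value without quotes or a trailing comment."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return re.sub(r"\s+#.*$", "", raw)


def audit(text):
    """Return (line number, key, rule) for every risky setting found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # commented-out examples are ignored
        match = KEY_VALUE.match(line)
        if not match:
            continue
        key, raw = match.group(1), match.group(2)
        if raw.strip().startswith("!vault"):
            continue                      # inline ansible-vault ciphertext
        value = scalar(raw)
        if SECRET_KEY.search(key) and value:
            if JINJA_ONLY.fullmatch(value):
                continue                  # reference to a variable, e.g. from a vault file
            rule = "default-password" if value in KNOWN_DEFAULTS else "plaintext-secret"
            findings.append((lineno, key, rule))
        elif key == "remote_url" and value.lower().startswith("http://"):
            findings.append((lineno, key, "cleartext-upstream"))
        elif key == "ldap_protocol" and value.lower() == "ldap":
            findings.append((lineno, key, "cleartext-ldap"))
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_VARS), ("hardened", HARDENED_VARS)):
        print(label, audit(text))
```

A Jinja reference only shows that the literal is stored elsewhere; whether that variable actually lives in a vault-encrypted file still has to be checked separately.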

Anonymous access by default

    nexus_anonymous_access: false

Anonymous access is disabled by default. Read more about anonymous access.

Public hostname

    nexus_public_hostname: 'nexus.vm'
    nexus_public_scheme: https

The fully qualified domain name and scheme (https or http) under which the Nexus instance will be reachable by its clients.

API access for this role

    nexus_api_hostname: localhost
    nexus_api_scheme: http
    nexus_api_validate_certs: "{{ nexus_api_scheme == 'https' }}"
    nexus_api_context_path: "{{ nexus_default_context_path }}"
    nexus_api_port: "{{ nexus_default_port }}"

These variables control how the role connects to the Nexus API for provisioning.
For advanced users only. You most likely do not want to change these default settings.

Setting up a reverse proxy

    httpd_setup_enable: false
    httpd_server_name: "{{ nexus_public_hostname }}"
    httpd_default_admin_email: "[email protected]"
    httpd_ssl_certificate_file: 'files/nexus.vm.crt'
    httpd_ssl_certificate_key_file: 'files/nexus.vm.key'
    # httpd_ssl_certificate_chain_file: "{{ httpd_ssl_certificate_file }}"
    httpd_copy_ssl_files: true

Set up an SSL reverse proxy.
For this you need httpd installed. Note: when httpd_setup_enable is set to true, nexus binds to 127.0.0.1:8081 and is therefore not directly accessible on HTTP port 8081 from an external IP address.

The default hostname used is nexus_public_hostname. If you need different names for some reason, you can set httpd_server_name to a different value.

With httpd_copy_ssl_files: true (the default), the certificates listed above must exist in your playbook directory; they will be copied to the server and configured in apache.

If you want to use certificates that already exist on the server, set httpd_copy_ssl_files: false and provide the following variables:

    # These tell the vhost where to find the certificate files on the
    # remote server's file system.
    httpd_ssl_cert_file_location: "/etc/pki/tls/certs/wildcard.vm.crt"
    httpd_ssl_cert_key_location: "/etc/pki/tls/private/wildcard.vm.key"
    # httpd_ssl_cert_chain_file_location: "{{ httpd_ssl_cert_file_location }}"

httpd_ssl_cert_chain_file_location is optional and should be left unset if you do not want to configure a chain file

    httpd_default_admin_email: "[email protected]"

Set the default admin email address

LDAP configuration

LDAP connections and the security realm are disabled by default

    nexus_ldap_realm: false
    ldap_connections: []

LDAP connections; each item looks like this:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'My Company LDAP' # used as a key to update the ldap config
        ldap_protocol: 'ldaps' # ldap or ldaps
        ldap_hostname: 'ldap.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false # Whether or not to use certs in the nexus trust store
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_auth: 'none' # or simple
        ldap_auth_username: 'username' # if auth = simple
        ldap_auth_password: 'password' # if auth = simple
        ldap_user_base_dn: 'ou=users'
        ldap_user_filter: '(cn=*)' # (optional)
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false
        ldap_map_groups_as_roles: false
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'posixGroup'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'memberUid'
        ldap_group_member_format: '${username}'
        ldap_group_subtree: false

Example LDAP configuration for anonymous authentication (anonymous bind); this is also the "minimal" configuration:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'Simplest LDAP config'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_object_class: 'inetOrgPerson'

Example LDAP configuration for simple authentication (using a DSA account):

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_user_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_group_base_dn: 'ou=groups'
        ldap_group_object_class: 'groupOfNames'
        ldap_group_id_attribute: 'cn'
        ldap_group_member_attribute: 'member'
        ldap_group_member_format: 'uid=${username},ou=users,dc=mycompany,dc=net'
        ldap_group_subtree: false

Example LDAP configuration for simple authentication (using a DSA account) + groups dynamically mapped as roles:

    nexus_ldap_realm: true
    ldap_connections:
      - ldap_name: 'LDAP config with DSA'
        ldap_protocol: 'ldaps'
        ldap_hostname: 'annuaire.mycompany.com'
        ldap_port: 636
        ldap_use_trust_store: false
        ldap_auth: 'simple'
        ldap_auth_username: 'cn=mynexus,ou=dsa,dc=mycompany,dc=net'
        ldap_auth_password: "{{ vault_ldap_dsa_password }}" # better keep passwords in an ansible vault
        ldap_search_base: 'dc=mycompany,dc=net'
        ldap_user_base_dn: 'ou=users'
        ldap_user_object_class: 'inetOrgPerson'
        ldap_user_id_attribute: 'uid'
        ldap_user_real_name_attribute: 'cn'
        ldap_user_email_attribute: 'mail'
        ldap_map_groups_as_roles: true
        ldap_map_groups_as_roles_type: 'dynamic'
        ldap_user_memberof_attribute: 'memberOf'

Privileges

    nexus_privileges:
      - name: all-repos-read # used as key to update a privilege
        # type: <one of application, repository-admin, repository-content-selector, repository-view, script or wildcard>
        description: 'Read & Browse access to all repos'
        repository: '*'
        actions: # can be add, browse, create, delete, edit, read or  * (all)
          - read
          - browse
        # pattern: pattern
        # domain: domain
        # script_name: name

List of privileges to set up. Look at the documentation and the GUI to check which variables need to be set depending on the privilege type.

These items are combined with the following default values:

    _nexus_privilege_defaults:
      type: repository-view
      format: maven2
      actions:
        - read

Roles (inside Nexus, that is)

    nexus_roles:
      - id: Developpers # can map to a LDAP group id, also used as a key to update a role
        name: developers
        description: All developers
        privileges:
          - nx-search-read
          - all-repos-read
        roles: [] # references to other role names

List of roles to set up.

Users

    nexus_local_users: []
      # - username: jenkins # used as key to update
      #   state: present # default value if omitted, use 'absent' to remove user
      #   first_name: Jenkins
      #   last_name: CI
      #   email: [email protected]
      #   password: "s3cr3t"
      #   roles:
      #     - developers # role ID

List of local (non-LDAP) users/accounts to create in Nexus.
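
The privilege defaults, roles and users described above, worked through as an added example (not the role's own code): it resolves a user's roles into the privileges that end up granted, using the values from the example playbook on this page. It assumes a shallow merge in which a privilege's own keys override the defaults and that nested role references use role ids; TYPO_USER is constructed.

```python
# Defaults quoted on this page (_nexus_privilege_defaults).
PRIVILEGE_DEFAULTS = {"type": "repository-view", "format": "maven2",
                      "actions": ["read"]}
WRITE_ACTIONS = {"add", "create", "edit", "delete", "*"}

# Values copied from the example playbook on this page.
PRIVILEGES = [
    {"name": "all-repos-read", "repository": "*",
     "actions": ["read", "browse"]},
    {"name": "company-project-deploy", "repository": "company-project",
     "actions": ["add", "edit"]},
]
ROLES = [
    {"id": "Developpers", "name": "developers",
     "privileges": ["nx-search-read", "all-repos-read",
                    "company-project-deploy"],
     "roles": []},
]
JENKINS = {"username": "jenkins", "roles": ["Developpers"]}
# Constructed variant: references the role by its name instead of its id.
TYPO_USER = {"username": "ci-bot", "roles": ["developers"]}


def effective_privilege(item):
    """Assumed merge: shallow combine in which the item's keys win."""
    return {**PRIVILEGE_DEFAULTS, **item}


def expand_role(role_id, roles_by_id, seen, undeclared):
    """Collect privilege names of a role and of the roles it references."""
    if role_id in seen:
        return []                      # already expanded; also stops cycles
    seen.add(role_id)
    role = roles_by_id.get(role_id)
    if role is None:
        undeclared.append(role_id)     # a built-in role or a typo
        return []
    names = list(role.get("privileges", []))
    for nested in role.get("roles", []):   # assumption: nested refs use ids
        names += expand_role(nested, roles_by_id, seen, undeclared)
    return names


def review_user(user, roles, privileges):
    """Resolve a user's roles into the privileges that end up granted."""
    roles_by_id = {r["id"]: r for r in roles}
    declared = {p["name"]: effective_privilege(p) for p in privileges}
    report = {"grants": [], "undeclared_privileges": [],
              "undeclared_roles": [], "wildcard_write": []}
    seen = set()
    for role_id in user.get("roles", []):
        for name in expand_role(role_id, roles_by_id, seen,
                                report["undeclared_roles"]):
            priv = declared.get(name)
            if priv is None:           # not in nexus_privileges (e.g. nx-*)
                if name not in report["undeclared_privileges"]:
                    report["undeclared_privileges"].append(name)
                continue
            grant = (name, priv["type"], priv["format"],
                     priv.get("repository"), tuple(priv["actions"]))
            if grant not in report["grants"]:
                report["grants"].append(grant)
            writes = WRITE_ACTIONS & set(priv["actions"])
            if priv.get("repository") == "*" and writes:
                if name not in report["wildcard_write"]:
                    report["wildcard_write"].append(name)
    return report


if __name__ == "__main__":
    for user in (JENKINS, TYPO_USER):
        print(user["username"], review_user(user, ROLES, PRIVILEGES))
```

Under the assumed merge, all-repos-read carries format maven2 because the playbook sets no format for it, and a user that references developers rather than the id Developpers resolves to no declared role.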

      nexus_ldap_users: []
      # - username: j.doe
      #   state: present
      #   roles:
      #     - "nx-admin"

LDAP user/role mapping. The state absent will remove roles from an existing user if it already has some.
LDAP users are not deleted. Attempting to set a role for a non-existent user will result in an error.

Content selectors

    nexus_content_selectors:
      - name: docker-login
        description: Selector for docker login privilege
        search_expression: format=="docker" and path=~"/v2/"

For more information about content selectors, see the documentation.

To use a content selector, add a new privilege with type: repository-content-selector and the corresponding contentSelector

    - name: docker-login-privilege
      type: repository-content-selector
      contentSelector: docker-login
      description: 'Login to Docker registry'
      repository: '*'
      actions:
        - read
        - browse

Blobstores and repositories

    nexus_delete_default_repos: false

Delete the repositories from the initial default configuration of the nexus install. This step is only executed on first-time install (when nexus_data_dir has been detected empty).

    nexus_delete_default_blobstore: false

Delete the default blobstore from the initial default configuration of the nexus install. This can be done only if nexus_delete_default_repos: true and all configured repositories (see below) have an explicit blob_store: custom. This step is only executed on first-time install (when nexus_data_dir has been detected empty).

    nexus_blobstores: []
    # example blobstore item :
    # - name: separate-storage
    #   type: file
    #   path: /mnt/custom/path
    # - name: s3-blobstore
    #   type: S3
    #   config:
    #     bucket: s3-blobstore
    #     accessKeyId: "{{ VAULT_ENCRYPTED_KEY_ID }}"
    #     secretAccessKey: "{{ VAULT_ENCRYPTED_ACCESS_KEY }}"

Blobstores to create. A blobstore path and a repository's blobstore cannot be updated after initial creation (any update here will be ignored on re-provisioning).

Configuring a blobstore on S3 is provided as a convenience and is not part of the automated tests we run on travis. Please note that storing on S3 is only recommended for instances deployed on AWS.

    nexus_repos_maven_proxy:
      - name: central
        remote_url: 'https://repo1.maven.org/maven2/'
        layout_policy: permissive
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
      - name: jboss
        remote_url: 'https://repository.jboss.org/nexus/content/groups/public-jboss/'
        # maximum_component_age: -1
        # maximum_metadata_age: 1440
        # negative_cache_enabled: true
        # negative_cache_ttl: 1440
    # example with a login/password :
    # - name: secret-remote-repo
    #   remote_url: 'https://company.com/repo/secure/private/go/away'
    #   remote_username: 'username'
    #   remote_password: 'secret'
    #   # maximum_component_age: -1
    #   # maximum_metadata_age: 1440
    #   # negative_cache_enabled: true
    #   # negative_cache_ttl: 1440

Above is an example configuration of Maven proxy repositories.

    nexus_repos_maven_hosted:
      - name: private-release
        version_policy: release
        write_policy: allow_once  # one of "allow", "allow_once" or "deny"

Maven hosted repositories configuration. Negative cache configuration is optional and will default to the above values if omitted.

    nexus_repos_maven_group:
      - name: public
        member_repos:
          - central
          - jboss

Maven group configuration.

All three repository types are combined with the following default values:

    _nexus_repos_maven_defaults:
      blob_store: default # Note : cannot be updated once the repo has been created
      strict_content_validation: true
      version_policy: release # release, snapshot or mixed
      layout_policy: strict # strict or permissive
      write_policy: allow_once # one of "allow", "allow_once" or "deny"
      maximum_component_age: -1  # Nexus gui default. For proxies only
      maximum_metadata_age: 1440  # Nexus gui default. For proxies only
      negative_cache_enabled: true # Nexus gui default. For proxies only
      negative_cache_ttl: 1440 # Nexus gui default. For proxies only

Docker, Pypi, Raw, Rubygems, Bower, NPM, Git-LFS and yum repository types are disabled by default.
See defaults/main.yml for these options:

      nexus_config_pypi: false
      nexus_config_docker: false
      nexus_config_raw: false
      nexus_config_rubygems: false
      nexus_config_bower: false
      nexus_config_npm: false
      nexus_config_gitlfs: false
      nexus_config_yum: false

Please note that you may need to enable certain security realms if you want to use repository types other than maven. These are false by default

    nexus_nuget_api_key_realm: false
    nexus_npm_bearer_token_realm: false
    nexus_docker_bearer_token_realm: false  # required for docker anonymous access

The Remote User realm can also be enabled by setting

    nexus_rut_auth_realm: true

and the header can be customised by defining

    nexus_rut_auth_header: "CUSTOM_HEADER"

Scheduled tasks

    nexus_scheduled_tasks: []
    #  #  Example task to compact blobstore :
    #  - name: compact-docker-blobstore
    #    cron: '0 0 22 * * ?'
    #    typeId: blobstore.compact
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      blobstoreName: "{{ nexus_blob_names.docker.blob }}" # all task attributes are stored as strings by nexus internally
    #  #  Example task to purge maven snapshots
    #  - name: Purge-maven-snapshots
    #    cron: '0 50 23 * * ?'
    #    typeId: repository.maven.remove-snapshots
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #      minimumRetained: "2"
    #      snapshotRetentionDays: "2"
    #      gracePeriodInDays: "2"
    #    booleanTaskProperties:
    #      removeIfReleased: true
    #  #  Example task to purge unused docker manifest and images
    #  - name: Purge unused docker manifests and images
    #    cron: '0 55 23 * * ?'
    #    typeId: "repository.docker.gc"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      repositoryName: "*"  # * for all repos. Change to a repository name if you only want a specific one
    #  #  Example task to purge incomplete docker uploads
    #  - name: Purge incomplete docker uploads
    #    cron: '0 0 0 * * ?'
    #    typeId: "repository.docker.upload-purge"
    #    task_alert_email: [email protected]  # optional
    #    taskProperties:
    #      age: "24"

Scheduled tasks to set up. typeId and the task-specific taskProperties/booleanTaskProperties can be guessed either:

  • from the Java type hierarchy of org.sonatype.nexus.scheduling.TaskDescriptorSupport
  • by inspecting the HTML task creation form in your browser
  • by viewing the AJAX requests in the browser while manually configuring a task.

Task properties must be declared in the correct yaml block depending on their type:

  • taskProperties for all string properties (i.e. repository names, blobstore names, time periods...).
  • booleanTaskProperties for all boolean properties (i.e. mainly checkboxes in the nexus create task GUI).

Backups

      nexus_backup_configure: false
      nexus_backup_cron: '0 0 21 * * ?'  # See cron expressions definition in nexus create task gui
      nexus_backup_dir: '/var/nexus-backup'
      nexus_restore_log: '{{ nexus_backup_dir }}/nexus-restore.log'
      nexus_backup_rotate: false
      nexus_backup_rotate_first: false
      nexus_backup_keep_rotations: 4  # Keep 4 backup rotation by default (current + last 3)

Backup will not be configured until you switch nexus_backup_configure to true.
In this case, a scheduled script task will be configured to run in Nexus
at the interval specified in nexus_backup_cron (default: 21:00 every day).
See [groovy template for a task](templates/backup.groovy.j2) for details.
This scheduled task is independent of the other nexus_scheduled_tasks you
declare in your playbook.

If you want to rotate/delete backups, set nexus_backup_rotate: true and adjust the number of backups you want to keep with nexus_backup_keep_rotations (4 by default).

When using rotation, if you want to save extra disk space during the backup process,
you can set nexus_backup_rotate_first: true. This configures rotation/deletion to run before the backup. By default, rotation happens after the backup has been created. Please note that in this case, old backups
will be deleted before the current backup is made.

Restore procedure

Run the playbook with the parameter -e nexus_restore_point=<YYYY-MM-dd-HH-mm-ss>
(for example, 2017-12-17-21-00-00 for December 17, 2017 at 21:00).

Removing nexus

Warning: This will completely delete your current data. Make sure you take a backup first if needed.

Use the nexus_purge variable if you need to restart from scratch and reinstall a nexus instance with all data removed.

    ansible-playbook -i your/inventory.ini your_nexus_playbook.yml -e nexus_purge=true

Change admin password after first install

    nexus_default_admin_password: 'admin123'

This should not be changed in your playbook. This variable is populated with the default Nexus admin password on first install and ensures that we can change the admin password to nexus_admin_password.

If you want to change the admin password after the first install, you can temporarily set this variable to the old password from the command line. After changing nexus_admin_password in your playbook, you can run:

    ansible-playbook -i your/inventory.ini your_playbook.yml -e nexus_default_admin_password=oldPassword

Telegram channel on Nexus Sonatype: https://t.me/ru_nexus_sonatype

Source: www.habr.com